It would have been even better if he gave more clear examples of how such an attack would work. It's still not completely clear to me. And I don't think I have ever been exploited by an XSS attack in over 20 years of web browsing.